jueves, 19 de enero de 2017

1. When we are visiting a website and we are not sure about their legitimacy we just click on the plugin icon and then on "Check this page now":

it will take some seconds and then a pop up like below will appear informing about the result, in this case warning us to be careful cause the web is related with the online counterfeiting:

2. The other option, useful when we do not want to visit a website cause might be dangerous, is to click in the link and go directly to the desenmascara.me website. Then we can type the web address of the website we would like to analyze:

In such a case we will see the information about the website being flagged as FAKE. Then we know it is not safe to browse the website nor to purchase any item on it.

In cases where a website has been already analyzed we will see the information into the popup like below where you can even click the "review the analysis" link to see the full report:

Do not hesitate to ask me any question regarding the plugin or the results.

This recent post made me to review the drafts I had in this blog regarding a similar issue which I publish today. With the project http://desenmascara.me I have been investigating the online counterfeiting fraud for quite some time. It turns out that Facebook has plenty of advertisements like below:

Though it is not a security vulnerability itself I reported it to Facebook because it is an abuse of their functionality which might be used to lure their users: anyone can set up an ads and the target website would not be "fully verified" which might contain badware or fake content as in this case.

The report was closed with the following feedback:Hi Emilio,

Thanks for contacting us. Keep in mind that this queue is specifically for security vulnerabilities. Since what you describe doesn't appear to be a security vulnerability, you can provide feedback or suggestions regarding a feature here:

Redacted nameFacebook
It seems that the issue was investigated some years ago by another researchers:

But Facebook still allows such advertisements. Despite all the effort they are taking against FAKE news, it seems they still have plenty of room to improve regarding to get rid of advertisements involved with online counterfeiting in their network.

Google does a better work in such matter but sometimes, as highlighted in the picture below, they have ads related with fake sites as well.